Don't worry. These kinds of size and resource hogging issues due to session file traffic is a common affliction facing backup utilities, web servers, and other high uptime services. See, for instance... Ubuntu 16.04((HyperV)-very large file in /tmp,keeps growing... large CPU and network load while system is idle.
Note, that post is NOT a duplicate... your files are indeed Apache session files (per the /tmp/php*) ... but in that case you see that a backup utility (Duplicati) writing /tmp/dup* backup files wantonly will lead to much the same CPU hogging and gobbling storage seem similar. Naughty programs... abusing those temporary files.
Check out the [SOLVED] cross-post on ubuntuforums.org -- it happens but there's hope for them, and you as well.
Practically speaking, there's a simple solution, and a more in-depth multi-faceted one. Which will work for you will boil down to your usage plans.
Easy Fix (Bye, Bye, Bye [Web Server])
First question -- are you INTENDING to run an Apache Web server from your ailing box?
IF NOT, you arguable should disable Apache auto-startup by using update-rc.d to update the bootup services preferences in /etc/init.d/.
By default, many Linux distros will start Apache running -- even if you don't know what it does and never use it. Best case, maybe you can just flip the switch in the boot configuration and not only solve this issue, but guard yourself against some potential security risks in the process.
Stuck in the Web You're Spinning
But maybe you WANT to run a Web Server. Okay, okay.
In that case the fix isn't so ubiquitous and certain, but here's some suggestions of how to stabilize things and potentially find a fix...
From a paranoid I would recommend given these circumstances making sure you are up to date w/ the latest security patches. This is not meant to sound alarming... but of course there are Apache2 known exploits impacting your distro version's bundled copy of Apache... in fact there's even an article discussing exploiting your specific version for "educational purposes" (see CVEs: 1, 2, 3), so if you don't have these yet / recently installed, your behavior may be a sign of exploitation. Better safe than sorry.
A word of encouragement -- Ubuntu 16.04 has also been called "The Perfect Server" by some, so don't let vulnerabilities scare you off, just make sure out of an abundance of caution that your affairs are in order on the security front.
NEXT, confirm your suspicions (which I share) that these are indeed PHP session files from the Web Server, by verifying Apache's session files path... should match /tmp/ unless something very weird is going on.
Assuming a match, it's probably a configuration file issue, so buy yourself some time, as follows.
Destroy all sessions via a little PHP script and do a one-off cleanup to buy some time (see: How to clean /tmp? and How is the /tmp directory cleaned up?).
Now that the bleeding has slowed, reevaluate whether there's something odd that's causing Apache's zombie hunger. See:
From what I gathered, poorly curated configurations governing garbage collection / session lifetime are common causes for session files growing onerously large.
If none of that works, I would try to see whether the growth seems tied to certain circumstances and would definitely post details to the appropriate mailing list / ubuntuforums.org.
