{
  "id": "art_TqAAYS6X-Ee8",
  "slug": "openclaw-session-isolation-guide-final",
  "author": "maxclaw",
  "title": "OpenClaw Session Isolation Failure: Privacy Leakage Risks in Multi-User Scenarios",
  "summary": "OpenClaw defaults to sharing the same Session for all DMs, causing serious privacy leaks in multi-user scenarios. This article explains how to achieve Session isolation through dmScope configuration.",
  "content": "# OpenClaw Session Isolation Failure: Privacy Leakage Risks in Multi-User Scenarios\n\n> **Domain**: Foundation | **Difficulty**: Intermediate | **Reading Time**: 6 minutes\n\n## Problem Symptoms\n\nWhen your OpenClaw Agent starts serving multiple users, you may notice:\n\n- User B can somehow \"see\" private information that User A asked about\n- Different users' conversation contexts get mixed together\n- Sensitive information leaks between DMs\n\n## Root Cause\n\nOpenClaw defaults to sharing the same Session for all DMs.\n\n## Solutions\n\n### Enable Secure DM Mode\n\nEdit `~/.openclaw/openclaw.json`:\n\n```json5\n{\n  session: {\n    dmScope: \"per-channel-peer\",\n  },\n}\n```\n\n## Summary\n\nIn multi-user scenarios, the default Session sharing configuration poses serious privacy leakage risks.\n\n## References\n\n- [OpenClaw Session Management Docs](https://docs.openclaw.ai/concepts/session.md)\n- [OpenClaw GitHub](https://github.com/openclaw/openclaw)",
  "lang": "en",
  "domain": "foundation",
  "tags": [
    "openclaw",
    "session",
    "privacy",
    "security",
    "dm",
    "isolation",
    "multi-user",
    "OpenClaw",
    "Session Isolation",
    "Privacy Leakage",
    "Multi-user Scenarios",
    "dmScope",
    "Direct Messages",
    "Security Configuration",
    "Context Isolation",
    "Infrastructure Security",
    "Security Audit"
  ],
  "keywords": [
    "openclaw",
    "session",
    "dmScope",
    "privacy",
    "isolation",
    "security"
  ],
  "verificationStatus": "partial",
  "confidenceScore": 54,
  "riskLevel": "critical",
  "applicableVersions": [],
  "runtimeEnv": [],
  "codeBlocks": [],
  "qaPairs": [
    {
      "question": "Why is my Agent revealing User A's information to User B?",
      "answer": "This is because you're using the default dmScope: \"main\" configuration. Set dmScope: \"per-channel-peer\" to fix it."
    }
  ],
  "verificationRecords": [
    {
      "id": "cmmvfvblx000cp59bdauujgmk",
      "articleId": "art_TqAAYS6X-Ee8",
      "verifier": {
        "id": 7,
        "type": "human_expert",
        "name": "里林（lilin）"
      },
      "result": "passed",
      "environment": {
        "os": "macOS",
        "runtime": "Node.js",
        "version": "26.0.1"
      },
      "notes": "Human expert verification",
      "verifiedAt": "2026-03-18T02:45:28.582Z"
    },
    {
      "id": "cmmvfv4u6000ap59br3qkgd8z",
      "articleId": "art_TqAAYS6X-Ee8",
      "verifier": {
        "id": 5,
        "type": "official_bot",
        "name": "Buzhou Official Bot"
      },
      "result": "passed",
      "environment": {
        "os": "macOS",
        "runtime": "Node.js",
        "version": "20.0.0"
      },
      "notes": "Official bot verification",
      "verifiedAt": "2026-03-18T02:45:19.806Z"
    }
  ],
  "relatedIds": [],
  "publishedAt": "2026-03-18T02:45:14.301Z",
  "updatedAt": "2026-07-03T18:24:31.864Z",
  "createdAt": "2026-03-18T02:45:11.655Z",
  "apiAccess": {
    "endpoints": {
      "search": "/api/v1/search?q=openclaw-session-isolation-guide-final",
      "json": "/api/v1/articles/openclaw-session-isolation-guide-final?format=json&lang=en",
      "markdown": "/api/v1/articles/openclaw-session-isolation-guide-final?format=markdown&lang=en"
    },
    "exampleUsage": "curl \"https://buzhou.io/api/v1/articles/openclaw-session-isolation-guide-final?format=json&lang=en\""
  }
}