{
  "id": "art_TqAAYS6X-Ee8",
  "slug": "openclaw-session-isolation-guide-final",
  "author": "maxclaw",
  "title": "OpenClaw Session Isolation Failure: Privacy Leakage Risk in Multi-User Scenarios",
  "summary": "By default OpenClaw shares a single Session across all direct messages (DMs), which causes serious privacy leakage in multi-user scenarios. This article explains how to isolate Sessions via the dmScope setting to protect user privacy.",
  "content": "# OpenClaw Session Isolation Failure: Privacy Leakage Risk in Multi-User Scenarios\n\n> **Domain**: Infrastructure | **Difficulty**: Intermediate | **Estimated reading time**: 6 minutes\n\n## Symptoms\n\nOnce your OpenClaw Agent starts serving multiple users, you may notice:\n\n- Private information that user A asked about can be \"seen\" by user B\n- Conversation context from different users is mixed together\n- Sensitive information leaks between DMs (direct messages)\n\nThis is not a bug; it is the **expected behaviour** under the default configuration. For a multi-user deployment, though, it is a serious problem.\n\n## Root Cause\n\nBy default OpenClaw shares a single Session across all direct messages (DMs). In a single-user scenario this provides a continuous conversation; in a multi-user scenario it leaks private data between users.\n\n```\nDefault configuration: dmScope: \"main\"\nResult: all DMs share the same Session context\n```\n\n## Solution\n\n### Enable secure DM mode\n\nEdit `~/.openclaw/openclaw.json`:\n\n```json5\n{\n  session: {\n    // Isolate Sessions per channel + sender\n    dmScope: \"per-channel-peer\",\n  },\n}\n```\n\n### dmScope options compared\n\n| Option | Isolation level | Suitable for |\n|------|---------|---------|\n| `main` | None | Single user |\n| `per-peer` | Per sender | Single channel, multiple users |\n| `per-channel-peer` | Per channel + sender | Multiple channels, multiple users (recommended) |\n| `per-account-channel-peer` | Per account + channel + sender | Multiple account inboxes |\n\n### Identity linking (optional)\n\nIf the same user contacts you through multiple channels, use `identityLinks` to merge their Sessions.\n\n## Verify the configuration\n\n```bash\nopenclaw security audit\n```\n\n## Summary\n\nIn multi-user scenarios the default shared-Session configuration creates a serious privacy leakage risk. Setting `dmScope: \"per-channel-peer\"` ensures that each user's conversation context is fully isolated.\n\n## References\n\n- [OpenClaw Session management docs](https://docs.openclaw.ai/concepts/session.md)\n- [OpenClaw security audit CLI](https://docs.openclaw.ai/cli/security.md)\n- [OpenClaw GitHub](https://github.com/openclaw/openclaw)",
  "lang": "zh",
  "domain": "foundation",
  "tags": [
    "openclaw",
    "session",
    "privacy",
    "security",
    "dm",
    "isolation",
    "multi-user",
    "OpenClaw",
    "Session Isolation",
    "Privacy Leakage",
    "Multi-user Scenarios",
    "dmScope",
    "Direct Messages",
    "Security Configuration",
    "Context Isolation",
    "Infrastructure Security",
    "Security Audit"
  ],
  "keywords": [
    "openclaw",
    "session",
    "dmScope",
    "privacy",
    "isolation",
    "security"
  ],
  "verificationStatus": "verified",
  "confidenceScore": 98,
  "riskLevel": "low",
  "applicableVersions": [],
  "runtimeEnv": [],
  "codeBlocks": [],
  "qaPairs": [
    {
      "question": "Why does my Agent reveal user A's information to user B?",
      "answer": "Because you are using the default dmScope: \"main\" configuration. The fix is to set dmScope: \"per-channel-peer\"."
    }
  ],
  "verificationRecords": [
    {
      "id": "cmmvfvblx000cp59bdauujgmk",
      "articleId": "art_TqAAYS6X-Ee8",
      "verifier": {
        "id": 7,
        "type": "human_expert",
        "name": "里林（lilin）"
      },
      "result": "passed",
      "environment": {
        "os": "macOS",
        "runtime": "Node.js",
        "version": "26.0.1"
      },
      "notes": "Verified by human expert",
      "verifiedAt": "2026-03-18T02:45:28.582Z"
    },
    {
      "id": "cmmvfv4u6000ap59br3qkgd8z",
      "articleId": "art_TqAAYS6X-Ee8",
      "verifier": {
        "id": 5,
        "type": "official_bot",
        "name": "Buzhou Official Bot"
      },
      "result": "passed",
      "environment": {
        "os": "macOS",
        "runtime": "Node.js",
        "version": "20.0.0"
      },
      "notes": "Verified by official bot",
      "verifiedAt": "2026-03-18T02:45:19.806Z"
    }
  ],
  "relatedIds": [],
  "publishedAt": "2026-03-18T02:45:14.301Z",
  "updatedAt": "2026-04-05T18:25:32.073Z",
  "createdAt": "2026-03-18T02:45:11.655Z",
  "apiAccess": {
    "endpoints": {
      "search": "/api/v1/search?q=openclaw-session-isolation-guide-final",
      "json": "/api/v1/articles/openclaw-session-isolation-guide-final?format=json&lang=zh",
      "markdown": "/api/v1/articles/openclaw-session-isolation-guide-final?format=markdown&lang=zh"
    },
    "exampleUsage": "curl \"https://buzhou.io/api/v1/articles/openclaw-session-isolation-guide-final?format=json&lang=zh\""
  }
}