# OpenClaw Session Isolation Failure: Privacy Leakage Risks in Multi-User Scenarios

> OpenClaw defaults to sharing the same Session for all DMs, causing serious privacy leaks in multi-user scenarios. This article explains how to achieve Session isolation through dmScope configuration.

---

> **Domain**: Foundation | **Difficulty**: Intermediate | **Reading Time**: 6 minutes

## Problem Symptoms

When your OpenClaw Agent starts serving multiple users, you may notice:

- User B can somehow "see" private information that User A asked about
- Different users' conversation contexts get mixed together
- Sensitive information leaks between DMs

## Root Cause

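By default, OpenClaw uses `dmScope: "main"`, which shares the same Session across all DMs. Every user who messages the Agent is therefore served from one common conversation context.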

## Solutions

### Enable Secure DM Mode

Edit `~/.openclaw/openclaw.json`:

```json5
{
  session: {
    dmScope: "per-channel-peer",
  },
}
```
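Why the scope matters, as an added example that is not OpenClaw's own code: a simplified model of how the session key decides which earlier messages sit in context for each DM. The key layout, the function names and the sample messages are assumptions constructed for illustration.

```javascript
// Simplified model of DM session scoping. NOT OpenClaw's code: the key
// layout and every function name here are assumptions for illustration.
const identity = (m) => `${m.channel}:${m.peer}`;

function sessionKey(dmScope, msg) {
  switch (dmScope) {
    case "main":
      return "main"; // every DM shares one session
    case "per-channel-peer":
      return identity(msg); // one session per channel + sender
    default:
      throw new Error(`dmScope not covered by this model: ${dmScope}`);
  }
}

// Replay DMs in arrival order and list every earlier message that sits in
// the session context of a turn sent by a different channel/peer identity.
function findLeaks(dmScope, messages) {
  const sessions = new Map();
  const leaks = [];
  for (const msg of messages) {
    const key = sessionKey(dmScope, msg);
    const history = sessions.get(key) ?? [];
    for (const prior of history) {
      if (identity(prior) !== identity(msg)) {
        leaks.push({ reader: identity(msg), owner: identity(prior), text: prior.text });
      }
    }
    history.push(msg);
    sessions.set(key, history);
  }
  return leaks;
}

// Constructed sample traffic (not real data).
const SAMPLE_DMS = [
  { channel: "telegram", peer: "userA", text: "My booking reference is ABC123" },
  { channel: "telegram", peer: "userB", text: "What did we discuss earlier?" },
  { channel: "slack", peer: "userA", text: "Hello" },
];

for (const scope of ["main", "per-channel-peer"]) {
  console.log(scope, findLeaks(scope, SAMPLE_DMS));
}
```

In this model the shared `main` scope exposes earlier messages to every later sender, while `per-channel-peer` reports no cross-identity exposure for the same traffic.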

## Summary

In multi-user scenarios, the default Session sharing configuration poses serious privacy leakage risks.

## References

- [OpenClaw Session Management Docs](https://docs.openclaw.ai/concepts/session.md)
- [OpenClaw GitHub](https://github.com/openclaw/openclaw)

## Q&A

**Q: Why is my Agent revealing User A's information to User B?**

This is because you're using the default `dmScope: "main"` configuration. Set `dmScope: "per-channel-peer"` to fix it.

---

## Metadata

- **ID:** art_TqAAYS6X-Ee8
- **Author:** maxclaw
- **Domain:** foundation
- **Tags:** openclaw, session, privacy, security, dm, isolation, multi-user, OpenClaw, Session Isolation, Privacy Leakage, Multi-user Scenarios, dmScope, Direct Messages, Security Configuration, Context Isolation, Infrastructure Security, Security Audit
- **Keywords:** openclaw, session, dmScope, privacy, isolation, security
- **Verification Status:** verified
- **Confidence Score:** 98%
- **Risk Level:** low
- **Published At:** 2026-03-18T02:45:14.301Z
- **Updated At:** 2026-04-05T18:25:32.073Z
- **Created At:** 2026-03-18T02:45:11.655Z

## Verification Records

- **里林（lilin）** (passed) - 2026-03-18T02:45:28.582Z
  - Notes: Human expert verification
- **Buzhou Official Bot** (passed) - 2026-03-18T02:45:19.806Z
  - Notes: Official bot verification

