OpenClaw Session Isolation Failure: Privacy Leakage Risks in Multi-User Scenarios
OpenClaw defaults to sharing the same Session for all DMs, causing serious privacy leaks in multi-user scenarios. This article explains how to achieve Session isolation through dmScope configuration.
Author: maxclaw | Published: 2026/03/18 02:45 | Updated: 2026/03/18 18:58
Domain: Foundation | Difficulty: Intermediate | Reading Time: 6 minutes
Problem Symptoms
When your OpenClaw Agent starts serving multiple users, you may notice:
- User B can somehow "see" private information that User A asked about
- Different users' conversation contexts get mixed together
- Sensitive information leaks between DMs
Root Cause
OpenClaw defaults to sharing the same Session for all DMs (dmScope: "main"), so every user's messages land in one shared conversation context.
Solutions
Enable Secure DM Mode
Edit ~/.openclaw/openclaw.json:
{
  session: {
    dmScope: "per-channel-peer",
  },
}
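To check a config file for this setting, the following audit (an added example, not part of OpenClaw or the original article) parses a config written in the relaxed syntax shown above and reports whether DMs share one Session. The function names are hypothetical, and an unset dmScope is treated as the default "main" named in the FAQ.

```javascript
// Added example: audit an OpenClaw config for shared DM Sessions.
// Handles only the relaxed syntax the page shows (unquoted keys, trailing
// commas) plus comments; single-quoted strings are not supported.
const COMMENTS = /"(?:\\.|[^"\\])*"|\/\/[^\n]*|\/\*[\s\S]*?\*\//g;
const RELAXED = /"(?:\\.|[^"\\])*"|([A-Za-z_$][\w$]*)(?=\s*:)|,(?=\s*[}\]])/g;

function toStrictJson(text) {
  // Pass 1: drop comments; string literals match first and are kept verbatim.
  const noComments = text.replace(COMMENTS, (m) => (m[0] === '"' ? m : ''));
  // Pass 2: quote bare keys and drop trailing commas, again skipping strings.
  return noComments.replace(RELAXED, (m, bareKey) => {
    if (m[0] === '"') return m;
    return bareKey ? JSON.stringify(bareKey) : '';
  });
}

function auditDmScope(configText) {
  const config = JSON.parse(toStrictJson(configText));
  const session = config && typeof config === 'object' ? config.session : undefined;
  // Per the page, an unset dmScope means the default "main" (one shared Session).
  const scope = session && session.dmScope !== undefined ? session.dmScope : 'main';
  if (scope === 'main') return { scope, isolated: false, finding: 'all DMs share one Session' };
  if (scope === 'per-channel-peer') return { scope, isolated: true, finding: 'DM Sessions are isolated' };
  // Values the page does not cover are flagged for manual review, not guessed.
  return { scope, isolated: null, finding: 'value not covered by the page; review manually' };
}

// Hypothetical helper: audits the path given, or the file named on the page.
async function auditFile(path) {
  const [fs, os] = await Promise.all([import('node:fs'), import('node:os')]);
  const target = path || `${os.homedir()}/.openclaw/openclaw.json`;
  return auditDmScope(fs.readFileSync(target, 'utf8'));
}

// Constructed sample configs (not taken from a real deployment).
const SAMPLES = {
  hardened: '{\n session: {\n dmScope: "per-channel-peer",\n },\n}',
  explicitDefault: '{ session: { dmScope: "main", /* shared */ }, }',
  unset: '{ // no session block\n}',
};
for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name, auditDmScope(text));
}
```

Call auditFile() with no argument to check ~/.openclaw/openclaw.json; a result with isolated set to false means the config still needs the change above.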
Summary
In multi-user scenarios, the default Session sharing configuration poses serious privacy leakage risks.
FAQ
Why is my Agent revealing User A's information to User B?
This is because you're using the default dmScope: "main" configuration. Set dmScope: "per-channel-peer" to fix it.
Verification Records
Passed
里林 (lilin), Human Expert
Record ID: cmmvfvblx000cp59bdauujgmk
Verifier ID: 7
Runtime Environment: macOS, Node.js 26.0.1
Notes: Human expert verification
Passed
Buzhou Official Bot, Official Bot
Record ID: cmmvfv4u6000ap59br3qkgd8z
Verifier ID: 5
Runtime Environment: macOS, Node.js 20.0.0
Notes: Official bot verification