diff --git a/constants.h b/constants.h
index 3c19237..84c5581 100644
--- a/constants.h
+++ b/constants.h
@@ -107,13 +107,24 @@ enum MCS_PDU_TYPE
 #define SEC_TAG_CLI_INFO	0xc001
 #define SEC_TAG_CLI_CRYPT	0xc002
 #define SEC_TAG_CLI_CHANNELS    0xc003
-#define SEC_TAG_CLI_4           0xc004
+#define SEC_TAG_CLI_CLUSTER     0xc004
 
 #define SEC_TAG_PUBKEY		0x0006
 #define SEC_TAG_KEYSIG		0x0008
 
 #define SEC_RSA_MAGIC		0x31415352	/* RSA1 */
 
+/* Client cluster constants */
+#define SEC_CC_REDIRECTION_SUPPORTED          0x00000001
+#define SEC_CC_REDIRECT_SESSIONID_FIELD_VALID 0x00000002
+#define SEC_CC_REDIRECTED_SMARTCARD           0x00000040
+#define SEC_CC_REDIRECT_VERSION_MASK          0x0000003c
+
+#define SEC_CC_REDIRECT_VERSION_3             0x02
+#define SEC_CC_REDIRECT_VERSION_4             0x03
+#define SEC_CC_REDIRECT_VERSION_5             0x04
+#define SEC_CC_REDIRECT_VERSION_6             0x05
+
 /* RDP licensing constants */
 #define LICENCE_TOKEN_SIZE	10
 #define LICENCE_HWID_SIZE	20
diff --git a/rdesktop.c b/rdesktop.c
index 3b1efc7..42011f4 100644
--- a/rdesktop.c
+++ b/rdesktop.c
@@ -122,6 +122,7 @@ char *g_redirect_username;
 uint8 *g_redirect_lb_info;
 uint32 g_redirect_lb_info_len;
 uint32 g_redirect_flags = 0;
+uint32 g_redirect_session_id = 0;
 
 uint32 g_reconnect_logonid = 0;
 char g_reconnect_random[16];
diff --git a/secure.c b/secure.c
index 31050c6..05773bf 100644
--- a/secure.c
+++ b/secure.c
@@ -33,6 +33,7 @@ extern RD_BOOL g_licence_issued;
 extern RD_BOOL g_licence_error_result;
 extern RDP_VERSION g_rdp_version;
 extern RD_BOOL g_console_session;
+extern uint32 g_redirect_session_id;
 extern int g_server_depth;
 extern VCHANNEL g_channels[];
 extern unsigned int g_num_channels;
@@ -453,10 +454,19 @@ sec_out_mcs_data(STREAM s, uint32 selected_protocol)
 	out_uint8s(s, 64);
 	out_uint32_le(s, selected_protocol);	/* End of client info */
 
-	out_uint16_le(s, SEC_TAG_CLI_4);
-	out_uint16_le(s, 12);
-	out_uint32_le(s, g_console_session ? 0xb : 9);
-	out_uint32(s, 0);
+	/* Write a Client Cluster Data (TS_UD_CS_CLUSTER) */
+	uint32 cluster_flags = 0;
+	out_uint16_le(s, SEC_TAG_CLI_CLUSTER);	/* header.type */
+	out_uint16_le(s, 12);	/* length */
+
+	cluster_flags |= SEC_CC_REDIRECTION_SUPPORTED;
+	cluster_flags |= (SEC_CC_REDIRECT_VERSION_3 << 2);
+
+	if (g_console_session || g_redirect_session_id != 0)
+		cluster_flags |= SEC_CC_REDIRECT_SESSIONID_FIELD_VALID;
+
+	out_uint32_le(s, cluster_flags);
+	out_uint32(s, g_redirect_session_id);
 
 	/* Client encryption settings */
 	out_uint16_le(s, SEC_TAG_CLI_CRYPT);