Index: password_policy.admin.inc
===================================================================
--- password_policy.admin.inc	(revision 22060)
+++ password_policy.admin.inc	(working copy)
@@ -382,6 +382,14 @@
     '#description' => t('If empty, the standard page user/#/edit or user/#/password will be used (depending on whether or not the password_tab module is enabled).'),
     '#default_value' => variable_get('password_policy_profile_page', ''),
   );
+  $form['password_policy_exclude_pages'] = array(
+    '#title' => t('Page Exclusion List'),
+    '#type' => 'textarea',
+    '#description' => t('The user will be able to access these pages without changing their password. This should always include the logout path.'),
+    '#default_value' => variable_get('password_policy_exclude_pages', 'logout'),  
+    '#wysiwyg' => FALSE,
+  );
+
   $roles = user_roles(TRUE);
   $form['password_policy_force_change_roles'] = array(
     '#type' => 'checkboxes',
@@ -404,6 +412,7 @@
   $selected_roles = array();
   variable_set('password_policy_new_login_change', $form_state['values']['password_policy_new_login_change']);
   variable_set('password_policy_profile_page', $form_state['values']['password_policy_profile_page']);
+  variable_set('password_policy_exclude_pages', $form_state['values']['password_policy_exclude_pages']);
   if ($form_state['values']['password_policy_new_login_change'] == 1) {
     watchdog('password policy', t('New user accounts must change password on new login enabled by !admin', array('!admin' => $user->name)), array(), WATCHDOG_NOTICE);
   }
Index: password_policy.module
===================================================================
--- password_policy.module	(revision 22060)
+++ password_policy.module	(working copy)
@@ -34,7 +34,15 @@
   $change_password_url = variable_get('password_policy_profile_page', 'user/'. $account->uid .'/'. (module_exists('password_policy_password_tab') ? 'password' : 'edit'));
   if ($account->force_password_change && $_GET['q'] != $change_password_url) {
     // let users log out
-    if (arg(0) != 'logout') {
+    $path = drupal_get_path_alias($_GET['q']);
+    // Compare with the internal and path alias (if any).
+    $pages = variable_get('password_policy_exclude_pages', 'logout');
+    $page_match = drupal_match_path($path, $pages);
+    if ($path != $_GET['q']) {
+      $page_match = $page_match || drupal_match_path($_GET['q'], $pages);
+    }
+
+    if (!$page_match) {
       drupal_set_message(t('Your password has expired. You must change your password to proceed on the site.'), 'error', FALSE);
       drupal_goto($change_password_url, drupal_get_destination());
     }