Can't access URL via ajax

I’m trying to refresh a div every 5 seconds or so with an ajax function. The function below uses an XMLHttpRequest to do the refresh. In order to do this it requests a controller/action URL with this line of code"GET", "protected/controllers/room/openRoom", true);

. room is the controller ID, openRoom is the action.

I’ve tried using just the room/openRoom URL but it can’t find the file with that URL. With the above URL it can find the resource but is not allowed access to it. I’m getting a 403 Access forbidden error.

Access forbidden! You don’t have permission to access the requested object. It is either read-protected or not readable by the server.

I can access files by directly tying their URL into the browser address bar as long as they’re outside the protected folder. The URL being requested above in the ajax function is inside the protected folder, hence the 403 error. Any ideas as to how I’d get around this?

Here is the full ajax function

<script type="text/javascript">

    function ajaxFunction(){

	var ajaxRequest;  // The variable that makes Ajax possible!



		// Opera 8.0+, Firefox, Safari

		ajaxRequest = new XMLHttpRequest();

	} catch (e){

		// Internet Explorer Browsers


			ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");

		} catch (e) {


				ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");

			} catch (e){

				// Something went wrong

				alert("Your browser broke!");

				return false;




	// Create a function that will receive data sent from the server

	ajaxRequest.onreadystatechange = function(){

                var list = document.getElementById('userList');

		if(ajaxRequest.readyState == 4){

			list.innerHTML = ajaxRequest.responseText;

                       // $('#userList').load('protected/views/room/openModeratorRoom.php #userList');

                        //setTimeout(function() {ajaxFunction();}, 5000);


	}"GET", "protected/controllers/room/openRoom", true);






<script type="text/javascript">

			setInterval(function() {ajaxFunction();}, 5000);




At first I would suggest you to use jQuery to make AJAX calls cause it is cross browser compatible and you have to write much less lines of code.

One problem I see is that you don’t know how url’s are created in yii so the following should help you:

  • Guide - Creating urls

If you understand how it works try to solve it with the help of the following articles:

  • Wiki - Ajax update
  • Wiki - Update content in ajax with partialrender

Good luck ;)

Thanks kokomo. You’re dead write there, there’s a lot I don’t know, yii and php are still quite new to me, as is ajax. Anywho, I had already checked out the ajax links you sent, and although they are quite informative I don’t think they tell me what I need to know. I’ll explain what it is I’m trying to do.

My app has rooms, like chat rooms. So one user, let’s say bob, logs into room 233 and joe and jack also log into that room a minute later. The room view displays a list of all users currently in the room. So bob logs in first, he sees his name displayed in the logged in div. Joe logs in next and he sees his name and bobs name in the list. Since every time someone logs in a script runs retrieving all the names in that room to be displayed. Jack logs in a minute later and he sees his name, jack and bobs name in the list. But of course since everyone has their own http session bob doesn’t see the updates on his creen, nor does joe when jack logs in. As far as bob knows he’s the only one in the room as his screen hasn’t refreshed, nor has joe’s so joe doesn’t know jack has logged in. Forgive me if this seems oversimplified, just trying to be crystal clear here. So if I use ajax buttons will they make any difference?, what I was thinking is I need an ajax function to refresh that list/div every 10 seconds or so.

Since when someone logs in it obviously only refreshes info in their session, not across all users in the room right? If there’s any way that you know of to solve this problem with jquery could you point me to those resources, anything at all would be very helpful. I have a deadline for this project this friday so any help is greatly appreciated.

@habatone have you seen this?


I have yes, it’s quite long though and as I read through the first few parts I wasn’t sure it was gonna give me the answer to my current problem. Am I wrong?

The reason for that horrible URL is this, with the above ajax function using the proper URL"GET", "room/openRoom", true);

I get a 404 error, object not found. I noticed by looking at the console in google that it’s looking for this url in the wrong folder.

My folder structure, starting inside the web root folder is this:

http://webconf_2/webconf/protected/controllers/room/openRoom. room is the controller, openRoom is the action

but the error message I’m getting is http://webconf_2/webconf/room/openRoom 404 not found. It’s looking for the URL just inside the webconf folder. That’s why I appended the url in the ajax function. By doing that it could see the resource, just can’t access it. Does that make any sense?

ps…for whatever reason that first folder structure won’t come out right when I post. It should read webconf_2->webconf->protected->controllers->room->openRoom

I wonder if [font="Courier New"]/protected/controllers[/font] fits in there.

Anyway, if the url is correct, you still have to make sure that you gave correct access rules to your openRoom action.

You know what, my roomController doesn’t even have an access rules function in there. Are they automatically generated if you create your controllers with gii? I put one in there anyways and allowed all users access to the actions. It only has login, logout, and openRoom actions so no harm there I think. Still getting the 404 error though, it’s starting to drive me nuts!!

404 error is not for bad access rules. It means the url is not found.

I said:

It seems that you also have this thread active

There, a member suggested you use a syntax like


That’s also present in the link kokomo posted.

Think I’ve got it, I’m using this Url"GET", "index.php?r=room/WhoIsLoggedIn", true);

and it seems to be working. It was looking for index.php originally cause I guess all requests go through that file don’t they?

Entry Script

URL Management

Also try to google for the "Front Controller" design pattern.

Thanks phtamas