There are multiple ways of accomplishing this.
Sessions in the DB is one way. That can be used to know how many anonymous users are on your site as well, though.
Another way to accomplish the task you're looking for is to flag the user in your user table in a new field called, say, "logged_in."
When the login method executes, the flag is modified accordingly, similar with the logout method. Then you run a SELECT query every time a user tries to log in to check how many are currently logged in and act accordingly.
A better way would be to keep a count in the DB of how many logged in users total, adding and subtracting, depending upon "login" or "logout" methods are executed. This way you won't know which specific users are logged in at any given moment, but you'll at least have an overall number which is what you need. This method is better because you won't have to run a SELECT query on your entire user table, instead you can grab the value of one specific field from your DB, increasing performance. Unfortunately if they don't log out every time, this method is not useful, unless you also store their login time and log them out after a certain amount of time.
To try and solve the problem that a user may close the browser and not "log out", you may want to store sessions anyway, with a combination of the DB structure I proposed above.