That will require a custom authentication provider. It's not a hard thing to do, but ... it will require some thinking about how to actually implement it. There is no information stored about a user that tells you if someone is logged in. And, there is nothing that prevents a user from staying logged in, depending on how you have timeouts set up. The login "cookie" is stored on the user's computer and, when it expires, nothing is sent to the website to indicate that the user is "logged out."
For information about custom authentication providers and how to create one, look at Joe Brinkman's blog entry
here.
You might also take a look at how the Users Online module works to see if a user currently is online. You might be able to hook into that.