keep in mind the onUnload event is a javascript event, so you must call javascript code/function that references your php code to delete the user
one obvious way to do this is, have your javascript function do a window.open() to a special php page that deletes from the online user list, and pass that page the name via the query string
e.g. -
onUnload='window.open("removeOnlineUser.php?username=<?=$_SESSION['username']?>");'
then, in the removeOnlineUser.php file, you do the database query/whatever to remove that username from the online list
this of course in not secure[1], but it would work
you can increase security by using sessions, and have the removeOnlineUser.php page make sure a user can only remove his own name from the list ..
this is all conjecture, I've never done it .. but hope it helps
[1] all a "malicious" user would need to know is the url and the usernames of online users, and could arbitrarily delete users from the online user list by calling the url with a custom query string
