diff --git a/whoisonlinesession.php b/whoisonlinesession.php
index 259e85abf1..d6c4b68b11 100755
--- a/whoisonlinesession.php
+++ b/whoisonlinesession.php
@@ -15,8 +15,16 @@ if (empty($userId)) {
     api_not_allowed(true);
 }
 
-$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
-$tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
+$sessionId = api_get_session_id();
+$courseId = api_get_course_int_id();
+
+$allow = api_is_platform_admin(true) ||
+    api_is_coach($sessionId, $courseId, false) ||
+    SessionManager::get_user_status_in_course_session(api_get_user_id(), $courseId, $sessionId) == 2;
+
+if (!$allow) {
+    api_not_allowed(true);
+}
 
 /**
  * Header
@@ -46,35 +54,6 @@ Display::display_header(get_lang('UserOnlineListSession'));
         </th>
     </tr>
 <?php
-$session_is_coach = [];
-$sql = "SELECT DISTINCT session.id,
-            name,
-            access_start_date,
-            access_end_date
-        FROM $tbl_session as session
-        INNER JOIN $tbl_session_course_user as srcru
-        ON 
-            srcru.user_id = ".$userId." AND 
-            srcru.status=2 AND 
-            session.id = srcru.session_id
-        ORDER BY access_start_date, access_end_date, name";
-$result = Database::query($sql);
-
-while ($session = Database:: fetch_array($result)) {
-    $session_is_coach[$session['id']] = $session;
-}
-
-$sql = "SELECT DISTINCT session.id,
-            name,
-            access_start_date,
-            access_end_date
-        FROM $tbl_session as session
-        WHERE session.id_coach = ".$userId."
-        ORDER BY access_start_date, access_end_date, name";
-$result = Database::query($sql);
-while ($session = Database:: fetch_array($result)) {
-    $session_is_coach[$session['id']] = $session;
-}
 
 if (empty($time_limit)) {
     $time_limit = api_get_setting('time_limit_whosonline');
@@ -94,27 +73,26 @@ if (api_is_multiple_url_enabled()) {
 $online_time = time() - $time_limit * 60;
 $current_date = api_get_utc_datetime($online_time);
 $students_online = [];
-foreach ($session_is_coach as $session) {
-    $sql = "SELECT DISTINCT last_access.login_user_id,
-                last_access.login_date,
-                last_access.c_id,
-                last_access.session_id,
-                ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." as name,
-                user.email
-            FROM ".Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE)." AS last_access
-            INNER JOIN ".Database::get_main_table(TABLE_MAIN_USER)." AS user
-            ON user.id = last_access.login_user_id
-            $urlJoin
-            WHERE 
-                session_id ='".$session['id']."' AND 
-                login_date >= '$current_date'
-                $urlCondition            
-            GROUP BY login_user_id";
 
-    $result = Database::query($sql);
-    while ($user_list = Database::fetch_array($result)) {
-        $students_online[$user_list['login_user_id']] = $user_list;
-    }
+$sql = "SELECT DISTINCT last_access.login_user_id,
+            last_access.login_date,
+            last_access.c_id,
+            last_access.session_id,
+            ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." as name,
+            user.email
+        FROM ".Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE)." AS last_access
+        INNER JOIN ".Database::get_main_table(TABLE_MAIN_USER)." AS user
+        ON user.id = last_access.login_user_id
+        $urlJoin
+        WHERE 
+            session_id ='".$sessionId."' AND 
+            login_date >= '$current_date'
+            $urlCondition            
+        GROUP BY login_user_id";
+
+$result = Database::query($sql);
+while ($user_list = Database::fetch_array($result)) {
+    $students_online[$user_list['login_user_id']] = $user_list;
 }
 
 if (count($students_online) > 0) {