Is this a secure login system?



Magic2K2
September 9th, 2001, 14:36
Here is my plan:

When a user tries to log in, I match their username and password against my database. If the login is correct, I set the IP field in my member table to their IP and I set a cookie on their computer with the member id of their username. Then, for each page in my members' section I make sure that the computer accessing that username matches the IP in the database and that a cookie is set to that member id.

If they change the cookie, then the IP will no longer match so I am restricting them only to their account. The cookie is set to expire after 45 minutes so they are automatically logged out after that time.

Is this safe?

jm4n
September 10th, 2001, 01:11
I would take that just one extra step: instead of storing the ID in a cookie (which will be the same every time), use a unique ID that is generated randomly, preferably a string of at least a few characters. Make sure this string is re-generated at each login.

Otherwise, one can easily spoof the IP. Or, the user could be accessing through a proxy, in which case any user behind that same proxy would be able to use that person's user ID. Having a random string makes this more difficult. Note that some large ISPs use caching proxies, which makes this quite possible.

Now the only way a user can gain access after the initial login is via the unique ID and IP address pair, which now changes each time the login expires, rather than being static and easily guessable.
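To make the difference between the two posts concrete, here is an added example (written for this page, not code from either poster) that implements Magic2K2's scheme and jm4n's random-token variant side by side in Python and runs the shared-proxy case jm4n describes. The member table, the class names OriginalScheme and TokenScheme, the 45-minute SESSION_TTL and the password hashing (PBKDF2, which the thread does not specify) are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 45 * 60  # seconds; the 45-minute expiry from the original post


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage format: the thread never says how passwords are kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample member table: username -> record with id, salt, password hash.
_SALT_ALICE = b"constructed-salt-1"
MEMBERS = {
    "alice": {"id": 17, "salt": _SALT_ALICE, "pw": _hash_password("correct horse", _SALT_ALICE)},
}


def _verify(username: str, password: str):
    m = MEMBERS.get(username)
    if m is None or not hmac.compare_digest(_hash_password(password, m["salt"]), m["pw"]):
        return None
    return m


class OriginalScheme:
    """Magic2K2's design: cookie holds the member id; server checks the IP saved at login."""

    def __init__(self):
        self.ip_by_member = {}  # member id -> IP recorded at last login

    def login(self, username, password, client_ip):
        m = _verify(username, password)
        if m is None:
            return None
        self.ip_by_member[m["id"]] = client_ip
        return str(m["id"])  # cookie value is the member id: the same every time, and guessable

    def check(self, cookie, client_ip):
        try:
            member_id = int(cookie)
        except ValueError:
            return None
        return member_id if self.ip_by_member.get(member_id) == client_ip else None


class TokenScheme:
    """jm4n's suggestion: random token, regenerated on every login, bound to the IP, expiring."""

    def __init__(self, now=time.time):
        self.now = now             # injectable clock so expiry can be exercised deterministically
        self.sessions = {}         # token -> (member id, IP, expiry time)
        self.token_by_member = {}  # member id -> current token, so a new login replaces the old one

    def login(self, username, password, client_ip):
        m = _verify(username, password)
        if m is None:
            return None
        old = self.token_by_member.pop(m["id"], None)
        if old is not None:
            self.sessions.pop(old, None)  # earlier session for this member is now invalid
        token = secrets.token_urlsafe(32)  # 256 random bits: not guessable by a neighbour on the proxy
        self.sessions[token] = (m["id"], client_ip, self.now() + SESSION_TTL)
        self.token_by_member[m["id"]] = token
        return token

    def check(self, cookie, client_ip):
        entry = self.sessions.get(cookie)
        if entry is None:
            return None
        member_id, ip, expires_at = entry
        if self.now() >= expires_at:
            self.sessions.pop(cookie, None)
            self.token_by_member.pop(member_id, None)
            return None
        return member_id if ip == client_ip else None


def demo_shared_proxy():
    """Alice and an attacker share one proxy IP. Returns (hijacked_original, hijacked_token)."""
    proxy_ip = "203.0.113.10"  # constructed documentation address
    orig = OriginalScheme()
    orig.login("alice", "correct horse", proxy_ip)
    hijacked_original = orig.check("17", proxy_ip) == 17  # attacker just sets the cookie to 17

    tok = TokenScheme()
    tok.login("alice", "correct horse", proxy_ip)
    hijacked_token = tok.check("17", proxy_ip) == 17      # no token, no session
    return hijacked_original, hijacked_token


if __name__ == "__main__":
    print(demo_shared_proxy())
```

The IP check is kept in both classes because the thread proposes it, but note what it does and does not buy: it rejects a stolen token presented from a different address, while doing nothing against someone behind the same proxy, and it logs out legitimate users whose address changes mid-session. The security of the second design rests on the token being unguessable and on it never being exposed, so it should travel only over HTTPS and be set with the HttpOnly flag.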