Best practice to handle user data with cookies
#3

(This post was last modified: 12-23-2016, 01:04 AM by skunkbad.)

Most of what you propose is good, but remember that most session libraries are going to regenerate the session ID every few minutes, or at whatever interval you specify. Session ID regeneration is critical. Also, the IP matching has potential problems that you can read about, but just know that it's not perfect. Lastly, you mention nothing of expiration for your login. Be sure to have an expiration.

Sessions and cookies in PHP differ in one major way. With sessions the session data is stored on the server, and a session ID basically gives you access to it. With cookies the data is passed to the browser, and the browser passes the data back with every request after that. This difference can affect the availability of the data in your code, so just know the difference. Also, since the data stored in the session is on the server, and the data stored in a cookie is sent to the browser, be aware of the consequences of that data being where it is. Either way, I always encrypt my session/cookie contents.

If you're having problems with sessions, I'd say it would be better for you to learn how to correct the problems, not just switch to cookies. You're probably going to find that whatever problems you're having with sessions will be there with cookies too, once you make your login robust enough to be safe and full featured.

Community Auth uses CI's session library just for the convenience of it being there, but it also sets some cookies as well. Cookie contents are encrypted by default.
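Added example, not part of the post above and not Community Auth or CodeIgniter code: a plain-PHP sketch of the two points the post stresses, periodic session ID regeneration and login expiration. The interval constants, function names and session keys are assumptions chosen for illustration, and `'secure' => true` assumes the site is served over HTTPS.

```php
<?php
// Assumed values, tune them for your application.
const REGENERATE_AFTER  = 300;    // rotate the session ID every 5 minutes
const IDLE_TIMEOUT      = 1800;   // expire after 30 minutes without a request
const ABSOLUTE_LIFETIME = 28800;  // force a new login 8 hours after authentication

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // browser-session cookie; the server enforces expiry
        'path'     => '/',
        'secure'   => true,   // only send the ID over HTTPS
        'httponly' => true,   // keep the ID away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(int $userId): void
{
    session_regenerate_id(true); // fresh ID at the privilege change
    $now = time();
    $_SESSION = ['user_id' => $userId, 'auth_at' => $now,
                 'last_seen' => $now, 'regen_at' => $now];
}

// Returns the logged-in user ID, or null when the login is missing or expired.
function current_user(): ?int
{
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $now = time();
    if ($now - $_SESSION['last_seen'] > IDLE_TIMEOUT
        || $now - $_SESSION['auth_at'] > ABSOLUTE_LIFETIME) {
        $_SESSION = [];       // expiry is decided server-side, not by the cookie
        session_destroy();
        return null;
    }
    if ($now - $_SESSION['regen_at'] > REGENERATE_AFTER) {
        session_regenerate_id(true); // periodic rotation limits a stolen ID's lifetime
        $_SESSION['regen_at'] = $now;
    }
    $_SESSION['last_seen'] = $now;
    return (int) $_SESSION['user_id'];
}

start_secure_session();
$userId = current_user(); // null means: show the login form
```

Passing `true` to `session_regenerate_id()` deletes the old session at once, which can drop concurrent requests that still carry the old ID; session libraries usually handle that case for you.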


Messages In This Thread
RE: Best practice to handle user data with cookies - by skunkbad - 12-23-2016, 12:58 AM


