The best option is SSO.
I was thinking to create SSO for tm1userconference app, but I didn't have much time for that during conference app development. And implementing SSO is not a quick and easy task). But I believe it's doable.
If the question is just related to a short Canvas timeout, you may try to increase a standard 30 minutes timeout in WEB-INF/web.xml.
HTTPSessionTimeoutMinutes needs be updated in tm1s.cfg as well.