refactor(session): migrate V2 session listener initialization to improve dependency injection and role handling

apps/mobile/apps/client/lib/main.dart

@@ -30,16 +30,6 @@ void main() async {
     logStateChanges: false, // Set to true for verbose debugging
   );
 
-  // Initialize V2 session listener for Firebase Auth state changes.
-  // Role validation calls GET /auth/session via the V2 API.
-  V2SessionService.instance.initializeAuthListener(
-    allowedRoles: <String>[
-      'CLIENT',
-      'BUSINESS',
-      'BOTH',
-    ], // Only allow users with CLIENT, BUSINESS, or BOTH roles
-  );
-
   runApp(
     ModularApp(
       module: AppModule(),

apps/mobile/apps/client/lib/src/widgets/session_listener.dart

@@ -27,11 +27,20 @@ class _SessionListenerState extends State<SessionListener> {
   @override
   void initState() {
     super.initState();
-    _setupSessionListener();
+    _initializeSession();
   }
 
-  void _setupSessionListener() {
-    _sessionSubscription = V2SessionService.instance.onSessionStateChanged
+  void _initializeSession() {
+    // Resolve V2SessionService via DI — this triggers CoreModule's lazy
+    // singleton, which wires setApiService(). Must happen before
+    // initializeAuthListener so the session endpoint is reachable.
+    final V2SessionService sessionService = Modular.get<V2SessionService>();
+
+    sessionService.initializeAuthListener(
+      allowedRoles: const <String>['CLIENT', 'BUSINESS', 'BOTH'],
+    );
+
+    _sessionSubscription = sessionService.onSessionStateChanged
         .listen((SessionState state) {
           _handleSessionChange(state);
         });