You're mixing together about 10 different things, and your question doesn't (yet) make sense. You should step back and explain your exact requirements instead of guessing how things work, or should work.
Munchkin sessions (maintained via the _mkto_trk cookie) are used to to log pageviews and link clicks, including fully anonymous activities. Once a session is associated with a lead in your Marketo database, those activities are in turn linked with the lead. Association can occur via
- filling out a form (manual association)
- automatically posting a form if you know the lead's email (automatic association)
- clicking a link in an email (also automatic association)
- using the Munchkin API associateLead (secure programmatic association)
- or using another programmatic association method (this last is not recommended)
If you have no ability to transmit cookies from page to page (i.e. cookies and all other forms of local storage are disabled) you will not know that the person that viewed Page A later viewed Page B. Although you can craft a valid _mkto_trk value extremely easily, there's no advantage to doing so if you will not be able to use the same value over time.
A Munchkin Associator Token, as I get into here, is a means of tying a particular _mkto_trk cookie to a Marketo lead. It's also a means of creating/updating a lead with custom fields populated. You can forge a random, valid _mkto_trk value easily, and then use that when making a synthetic Ajax call to the the associateLead endpoint. But I would not bother with this. It's too much work for zero payoff. Instead, an automatic background form post (from the client side -- do not do this from your server) can upsert a lead record.