how to generate a random session variable in php

Your method has holes. If the random variable is in a hidden form field then anyone (including bots) can simply get the variable and activate the account automatically without having a valid email address.

To insert the key I would personally do something like...

$key = md5($username . $password . $salt);

Insert that into your MySQL database, then send them a email with it, my next code shows how to activate it.

This is to activate the account.

<?php 
$key;
$errors = array();
if(isset($_GET['key']){
     $key = $_GET['key'];
     $sql = 'SELECT * FROM users WHERE key = \'' . $key '\' LIMIT 1';
     $result = mysql_query($sql) or die(mysql_error());
     if(mysql_num_rows($result)){
          $sql2 = 'UPDATE users SET active = 1 WHERE key = \'' . $key '\' LIMIT 1';
          $result2 = mysql_query($sql2) or die(mysql_error());
          if($result2){
               //successfully activated account
          }
          else{
               //Something Went Wrong!
          }
     }
     else{
          $errors[] = 'Invaild Key, Please try again!';
     }
}
else{
     $errors[] = 'Invaild Key, Please try again!';
}
?>