We have run into this issue three times now after a minor code upgrade.  After both units have been rebooted in a rolling reload, cluster uptime is counted in years, and AFTER the ASA disconnects the client from a time out, when the user goes to reconnect, their login displays the list of profiles, which causes confusion with general users, because they have the memories of a snail and don't remember which one to choose, which leads to a lot of help desk calls.

There are 4 profiles for various tunneling and two factor. It seems that after each update to the ASA, this happens.  Whats more confusing is some have the drop down on the login popup, some don't, and have to manually enter the /profile after the address. Now the address is still there, the alias is missing, so some form of the profile is still on the machine.

I did the upgrade a few days ago, tested the VPN right after it completed, did not lose the profile, it connected to the correct one without the drop down. This morning, after the 3 day timer expired, I had to reconnect, and that is when the drop down reappears.  It seems as though when the firewall forces the connection closed, that is when the profile goes away. A manual disconnect did not.  Even after a manual disconnect and reconnect, if the ASA forces it closed, it goes away. 

I opened a TAC case last time, went unresolved so asking the community if they have a clue as to why.